It’s 2016 all over again. The FBI can’t get everything it wants from a dead person’s phone, so it has decided to start revving up its anti-encryption engine. The DOJ took Apple to court in hopes of securing precedent compelling tech companies to crack encrypted devices for it after it recovered the San Bernardino shooter’s iPhone. That attempt failed. But that hasn’t stopped the complaining.
Before we get into the latest bout of whining to Congress, let’s take a look back at another date: May 29, 2018. That’s the date the FBI acknowledged it had seriously overstated the number of uncracked encrypted devices in its possession. That was the same day it promised to deliver an updated, far more accurate tally of these devices. It has been 2,246 days since that promise was made — 6 years, 1 month, and 23 days. That number still has not been updated.
However, that six years has been filled with FBI Director Chris Wray’s intermittent bad faith attacks on encryption. If nothing else, no one should allow the FBI to push anti-encryption arguments until it hands over the updated number of devices so everyone has the same facts available to gauge exactly how big the “problem” is.
But the latest round of complaints sound like the ones made in 2016. Even though the FBI was able to break into the Trump rally shooter’s device thanks to unreleased software provided by Cellebrite, Chris Wray is telling Congress that being able to break into a phone simply isn’t enough. All encryption must go, not just that protecting the device itself.
Wray said the bureau is facing challenges with getting into “encrypted messaging applications” used by Thomas Matthew Crooks, who was killed by a Secret Service counter-sniper team after firing at least eight shots toward the stage at the July 13 rally in Butler, Pennsylvania. Reports said officials have identified at least three such accounts.
Speaking to the House Judiciary Committee, Wray said that in some cases, the FBI is waiting on “legal process returns” to get into the accounts. He did not specify what companies or services host them.
Wray is presenting the reality of all criminal investigations like it’s evidence that the criminals are constantly one step ahead of the feds, even when said criminal is dead and neither facing prosecution nor capable of committing more crime. It’s not a great test case for anti-encryption legal battles or legislation, much like the last time the FBI made a lot of noise about not being able to get into a dead person’s phone.
But that’s not all Wray said. This part is even worse and a whole lot stupider.
“This has unfortunately become very commonplace,” he said. “It’s a real challenge not just for the FBI but for state and local law enforcement all over the country.” Even with access to a user’s phone, the end-to-end encryption used in many apps would make messages and other data inaccessible even to the app developer.
“Some places we’ve been able to look, some places we will be able to look, some places we may never be able to see, no matter how good our legal process is,” Wray said.
First off, there’s no way of telling how “commonplace” this is because, as noted above, the FBI’s encrypted device numbers have been wrong for more than six years and have yet to be corrected. We can assume it’s more commonplace now that more services are offering end-to-end encryption, but we should not automatically assume it’s enough to be referred to casually as “commonplace” and a persistent threat to successful criminal investigations. If it were, one would expect to hear more about it from other law enforcement officials. Instead, most of what we hear about the supposed evil of encryption has come from the mouths of consecutive FBI directors.
As for the second paragraph, that’s something that’s always been true about criminal investigations, dating back to long before devices or device encryption existed. No investigation will ever uncover all existing evidence. It’s an impossibility. Some evidence will be destroyed. Some evidence simply won’t be where investigators are looking for it. And some evidence is ethereal, gone as soon as it’s uttered via untapped phone calls or in-person conversations.
Pretending that this reality of criminal investigations is somehow new is intellectual dishonesty. Claiming that it’s somehow more common due to encrypted devices and communication services is meaningless if the FBI’s not willing to give the public — or at least its congressional oversight — accurate information detailing just how often the FBI runs into this particular problem.
Until the FBI can be honest about the problem its directors claim is omnipresent, its anti-encryption agitation should be ignored. And it should certainly be ignored when the FBI is doing nothing more than complaining about a lack of access to a dead person’s phone contents and communications.
